Table of Contents
Advertisement
JUNOSe 11.1.x Policy Management Configuration Guide
Consider the following scenarios.
Scenario 1: When
1.
Configurations Use the
Same Identification
Criteria
2.
3.
248
Avoiding Conflicts Between Multiple Packet Mirroring Configurations
IP address associated with the virtual router where the subscriber logs in
3.
Username associated with the virtual router where the subscriber logs in
4.
NAS port ID
5.
A RADIUS log-in configuration always implicitly uses the Acct-Session-ID to
identify the subscriber. This trigger has the highest priority of the five possible
identification methods. For this reason, when a subscriber logs in, an existing
RADIUS login configuration always takes effect over other packet mirroring
configurations.
A RADIUS CoA configuration affects only subscribers that are currently logged
in. It does not create persistent rules. Subscribers that log in after the CoA request
goes out are not mirrored by the configuration.
If a subscriber that is mirrored by a RADIUS CoA configuration subsequently
logs out and then logs back in, that subscriber is no longer mirrored by the
configuration. However, that subscriber might now be mirrored by an existing
RADIUS login or CLI-based configuration.
A CLI-based configuration creates persistent rules. The configuration affects
subscribers that are logged in when the configuration is created, and subscribers
that log in thereafter.
You can create a new configuration or modify an existing configuration to override
a configuration that is currently mirroring subscribers. You must use the same
subscriber selection criteria that were used by the current configuration. The
overriding configuration can be either CLI-based or a RADIUS CoA configuration;
it does not have to match the configuration source used by the current
configuration.
When a CLI-based or RADIUS CoA configuration identifies a targeted subscriber
group, all members of the group are examined to determine whether any of
these members is already mirrored using a different identification method. If
that is the case, none of the group members is mirrored by the new configuration.
Deletion of a CLI rule has no effect on subscribers that are currently being
mirrored. They continue to be mirrored as before the deletion. These subscribers
are not reevaluated against any remaining identification criteria when a CLI rule
is deleted.
When mirroring is disabled by RADIUS CoA, subscribers that were being mirrored
are not evaluated against an existing CLI configuration.
Currently logged-in subscribers are not being mirrored. These subscribers include
20 subscribers with the username joe@example.com. Their subscriber access
is through virtual router boston1.
You create a RADIUS CoA (RADIUS-initiated) configuration that targets subscribers
that match joe@example.com logging in through virtual router boston1.
Mirroring begins for all 20 of these subscribers.
Advertisement
Table of Contents
Need help?
Do you have a question about the POLICY MANAGEMENT - CONFIGURATION GUIDE V11.1.X and is the answer not in the manual?
Questions and answers